Solved

Changing Permissions on multiple folders for different users easily.

Posted on 2006-06-22
11
316 Views
Last Modified: 2012-05-05
What happened is someone changed the security under all the user profile folders to "everyone" with full permissions and no one else.

These are user folders and the problem is everyone can get into everyone elses data.

What I was hoping is to have a script that would add the user to the folder with full permissions, add administrator with full permissions, and remove everyone.

Anyway to do this easily without having to change them by hand one at a time. Their is 3600 users on this server so we need another option.

Also the folder name is the users name who owns it.
0
Comment
Question by:Roginsky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 16964417
The following batch script will walk through the folders and change the permissions; it adds the System account as well.

@echo off
setlocal
:: *** Path to the home folder root:
set HomeRoot=\\SomeServer\Home
for /d %%a in ("%HomeRoot%\*.*") do (
  ECHO xcacls "%%a" /t /g %Userdomain%\%%~nxa:F Administrators:F System:F /y
)

It's currently in test mode, it will only display the cacls command it would otherwise run. To run it for real, remove the capitalized ECHO.
Try this with a dummy home share (just a share with some folders named like user accounts) first to check if it works correctly. If that proves successful, run it against the real home folder.
0
 

Author Comment

by:Roginsky
ID: 16964474
This still won't help me to add the user to have full permissions.

Example if the user name is 10001a then the folder's name is 10001a so I just need that user to have permissions to that folder.

Also it didn't work on the test folders I setup. They still only have "Everyone" and no other groups.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 16964500
Yes, and that's what this script should do. Did you see the remark about the test mode and removing the ECHO to run it for real? With the ECHO in it, it should just list the xcacls commands it would otherwise run.
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 

Author Comment

by:Roginsky
ID: 16964516
Yes I did read what was posted.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 16964530
Well, what happened? Any error messages?
0
 

Author Comment

by:Roginsky
ID: 16964630
I get the popup that I am not using cscript engine to run the command. and nothing happens.

I just now add cscript where ECHO use to be.

I get this error.

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Input Error: There is no file extension in "C:\xcacls".
0
 
LVL 85

Expert Comment

by:oBdA
ID: 16964655
That's a batch script; you need to save it as whatever.cmd, not whatever.vbs.
0
 

Author Comment

by:Roginsky
ID: 16964677
I edited the file and it works. It was getting an error with the /y option it says no such option.

here is what worked seems to work. it added the correct permissions how I wanted it.

@echo off
setlocal
:: *** Path to the home folder root:
set HomeRoot=\\siena\test
for /d %%a in ("%HomeRoot%\*.*") do (
cscript xcacls.vbs "%%a" /t /g %Userdomain%\%%~nxa:F Administrators:F users:F
  )
0
 

Author Comment

by:Roginsky
ID: 16964680
and yes I know I saved it as .bat

it wanted the .vbs after xcacls
0
 
LVL 85

Expert Comment

by:oBdA
ID: 16966764
Sorry, forgot that xcacls is an extra download; check here:
Windows 2000 Resource Kit Tool: Xcacls.exe
http://www.microsoft.com/downloads/details.aspx?FamilyID=7a3e2241-d7d0-42b6-b86e-6eda88726c01&displaylang=en

Otherwise,
echo y| cacls.exe "%%a" /t /g %Userdomain%\%%~nxa:F Administrators:F users:F
should do the trick, too.
0
 

Author Comment

by:Roginsky
ID: 16985097
Yeah I have xcacls and the echo y didn't work I just used what I put three responses up
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We take a look at some of the most common obstacles that IT teams run into as they work relentlessly to keep all the alarms and sirens from going off at once.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question